Using tgapp user profile, index validate not working?

[andrew b]

Hi I'm trying to get this turbogears user control panel app to work. It's located here: http://pypi.python.org/pypi/tgapp-userprofile/0.0.2

I looked in the root controller of the app and it looks like my problem is here for validating the index or _default method:

@validate({'user':SQLAEntityConverter(app_model.User)},

              error_handler=fail_with(404))

It looks like maybe 'user' should be something else? I just get the 404 error when i try to get to the /userprofile/ page. And I know this line is probably the culprit because I changed the 404 to 403 in the code, and the webpage display changes with it.

[Alessandro Molina]

Are you asking for the /userprofile/ url? In that case you are missing the user id.

Should be /useprofile/3, if you want your own profile ask for /userprofile/me

--
You received this message because you are subscribed to the Google Groups "TurboGears" group.
To post to this group, send email to turbo...@googlegroups.com.
To unsubscribe from this group, send email to turbogears+...@googlegroups.com.
Visit this group at http://groups.google.com/group/turbogears?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[andrew b]

Thanks a lot, got it!

[neeraj mishra]

Is it possible to create a new user profile using the tgapp-userprofile. Because when I'm looking into its root controller, all the functions are using predicates.not_anonymous(). Which implies to me that only users whose userid is already created are not allowed to have the profile. There is no option for registration of the new user. Could any way is suggested for this thing.

Thanks a lot for your suggestion and time.

Neeraj

[Alessandro Molina]

On Mon, Feb 10, 2014 at 4:27 PM, neeraj mishra <neera...@gmail.com> wrote:

Is it possible to create a new user profile using the tgapp-userprofile. Because when I'm looking into its root controller, all the functions are using predicates.not_anonymous(). Which implies to me that only users whose userid is already created are not allowed to have the profile. There is no option for registration of the new user. Could any way is suggested for this thing.

Thanks a lot for your suggestion and time.

If I'm correctly understanding your question, you are looking for tgapp-registration, which provides user registration and activation. This will create a profile which can then be modified using tgapp-userprofile. 

[neeraj mishra]

Thanks a lot alessandro. 

--
You received this message because you are subscribed to a topic in the Google Groups "TurboGears" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/turbogears/AIzNuWC7y8o/unsubscribe.
To unsubscribe from this group and all its topics, send an email to turbogears+...@googlegroups.com.

To post to this group, send email to turbo...@googlegroups.com.

Visit this group at http://groups.google.com/group/turbogears.

For more options, visit https://groups.google.com/groups/opt_out.

--
be happy today n always remin so

[damien....@free.fr]

Hi all,

I have to implement a web application with authorization based on both "groups" of users (ie admin, simple user, etc) and ACL on some entities (ie a user can access his own entities).

Do you know a module or pluggable app implementing something like this "out-of-the-box"?

Thanks.

Damien

[neeraj mishra]

HI,

If you look into the bootstrap.py file inside websetup folder, you can make new users, put them in certain groups and give them the required permission. Then for the controllers in which you want only the authorize person should go, you can use the tg.predicates(). Visit this (http://turbogears.readthedocs.org/en/latest/turbogears/authorization.html)  link to know how to use the tg.predicates. 

[damien....@free.fr]

Hi,

I know this - this is what I means by groups of users. But I also need a "per object permissions", like you can find for example for djnago in django-guardian - https://github.com/lukaszb/django-guardian

The "per object permissions" is different from the "groups permissions"; it's complementary and actually I need both.

Damien

----- Mail original -----
De: "neeraj mishra" <neera...@gmail.com>
À: turbo...@googlegroups.com
Envoyé: Mercredi 12 Février 2014 11:27:33
Objet: Re: [TurboGears] ACL authorization 'out-of-the-box' ?

--
You received this message because you are subscribed to the Google Groups "TurboGears" group.
To unsubscribe from this group and stop receiving emails from it, send an email to turbogears+...@googlegroups.com.

[Alessandro Molina]

This is a really good question, it has been raised multiple times and has an open issue on the github tracker: https://github.com/TurboGears/tg2/issues/34

The main reason why it has never been tackled it that is doesn't have a clear implementation and details and requirements depend both on developer preferences and ODM/ORM in use.

I really think this is something that should go into a tgext.* package, and not into TurboGears itself.

[damien....@free.fr]

I agree with you :this should be a tgext.* package. I'd be happy with something similar to what symfony framework offers: http://symfony.com/fr/doc/current/cookbook/security/acl.html

What about the open issue? Is there any work-in-progress stuff? I would be pleased to help (or to build a tgext package on my own, if no work is going on).

Damien

note : I would work with sqlalchemy (not ming)

----- Mail original -----
De: "Alessandro Molina" <alessand...@gmail.com>
À: "TurboGears ." <turbo...@googlegroups.com>
Envoyé: Vendredi 14 Février 2014 01:01:19

Objet: Re: [TurboGears] ACL authorization 'out-of-the-box' ?


This is a really good question, it has been raised multiple times and has an open issue on the github tracker: https://github.com/TurboGears/tg2/issues/34


The main reason why it has never been tackled it that is doesn't have a clear implementation and details and requirements depend both on developer preferences and ODM/ORM in use.
I really think this is something that should go into a tgext.* package, and not into TurboGears itself.



On Wed, Feb 12, 2014 at 12:15 PM, < damien....@free.fr > wrote:


Hi,

I know this - this is what I means by groups of users. But I also need a "per object permissions", like you can find for example for djnago in django-guardian - https://github.com/lukaszb/django-guardian

The "per object permissions" is different from the "groups permissions"; it's complementary and actually I need both.

Damien

----- Mail original -----
De: "neeraj mishra" < neera...@gmail.com >
À: turbo...@googlegroups.com
Envoyé: Mercredi 12 Février 2014 11:27:33
Objet: Re: [TurboGears] ACL authorization 'out-of-the-box' ?




HI,

If you look into the bootstrap.py file inside websetup folder, you can make new users, put them in certain groups and give them the required permission. Then for the controllers in which you want only the authorize person should go, you can use the tg.predicates(). Visit this ( http://turbogears.readthedocs.org/en/latest/turbogears/authorization.html ) link to know how to use the tg.predicates.

[Alessandro Molina]

On Fri, Feb 14, 2014 at 8:49 AM, <damien....@free.fr> wrote:

I agree with you :this should be a tgext.* package. I'd be happy with something similar to what symfony framework offers: http://symfony.com/fr/doc/current/cookbook/security/acl.html

What about the open issue? Is there any work-in-progress stuff? I would be pleased to help (or to build a tgext package on my own, if no work is going on).

As far as I know there is no work currently started, it has just been discussed. 

You are free to propose an implementation. I'm fine with keeping ACL separated from objects, it makes easier to attach them to already existing models.

Probably it makes sense to make it available through SQLAlchemy by providing a custom Session (much like TG does for master-slave: http://turbogears.readthedocs.org/en/latest/cookbook/master-slave.html ) so that users don't have to write explicit queries and can plug ACL into third party extensions like tgext.crud or even plugged applications. 

The only side effect is that it would require some attention so that the user can choose from which Session class the ACLSession should inherit to be able to mix Master-Slave with ACL.